Secunia

CVE Reference: CVE-2007-4000

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-4000

Description: The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.

CVE Status: Candidate

References:
XF http://xforce.iss.net/xforce/xfdb/36438
SUSE http://www.novell.com/linux/security/advisories/2007_19_sr.html
ST 1018647
SREASON http://securityreason.com/securityalert/3092
SAID Secunia Advisory: SA26987, SA26783, SA26700, SA26676, SA26728, SA26680
REDHAT http://www.redhat.com/support/errata/RHSA-2007-0858.html
OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9278
MISC
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:174
GENTOO http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml
FEDORA
CONFIRM http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt
CERT-VN 377544
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/478794/100/0/threaded
BID 25533